Encryption and authentication method and apparatus

ABSTRACT

The invention discloses a method for encrypting and/authenticating, comprising the following steps:
         Sending a request for a first bit combination or character combination as a first sub key ( 102 );   storing said first bit combination or character combination in the memory ( 104 );   generating a second bit combination or character combination as a second sub key ( 106 ), wherein the second bit combination or character combination is a random or pseudo random pattern; and   combining said first sub key and second sub key to a key ( 108 );   further comprising at least one of the following steps:   encrypting the data with the key ( 110 );   using the key as an authentication password ( 112 ); and a method of decrypting and/or authenticating, comprising the following steps:   sending a request for a first bit combination or character combination as a first sub key ( 202 );   storing said first bit combination or character combination in the memory ( 204 );   repeating the following steps until a key has been verified as valid:   generating one by one a second bit combination or character combination as a second sub key ( 206 ), wherein the second bit combination or character combination is one by one taken from the set of all possible second sub keys ( 208 );   combining said first sub key and second sub key to a key ( 210 );   verifying, whether the key is valid ( 212 );   if said key has been verified as valid, decrypting the data with the key ( 214 ) and/or using the key an authentication password ( 216 ).

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims the benefit of European Patent Application No.EP15154982.1, filed Feb. 13, 2015, the entirety of which is herebyincorporated herein by reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to an improved encryption andauthentication method and apparatus.

2. Description of the Related Art

In the prior art passwords are widely used for authenticating a user ora service on a computer. Passwords are also used for protectingarchives, such as ZIP archives.

However, it is possible to bypass such password protection by simplytesting an arbitrary number of bit combination or charactercombinations, also called brute forcing or simply forcing.

In the prior art of encryption several methods for authenticating anidentity, for encrypting data, for generating checks sums and/or forgenerating hashes are available, wherein the security for notdetermining a used key is depending on the capabilities of the potentialattackers. Many of these methods are considered by person skilled in theart to be secure against simply trying an arbitrary number of passwordpatterns, often called brute forcing or forcing. Brute forcing orforcing tries to determine a password by trying all possible keys. Sincethe amount of keys that can be tested within a predetermined period canbe very high by using modern computers or computer clusters, theevaluation, whether a key is safe or unsafe is determined by its lengththat may be evaluated by its length in bits. The performance of moderncomputers, supercomputers and computer clusters is so high thatdepending on the details of the used attack, the automatic testing of avery high number of keys may be achieved within a period that thisaccepted by the attacker. In other words, the safety of a key is higherthe longer the information content in bits or its length is. A key thatmay be easily memorized by a human, particularly passwords, are oftenbelow a sufficient level of security.

In the prior art methods are known for to preventing testing differentkeys on a computer device, for example by introducing an idle time afterentering a wrong key.

This reduces significantly the number of keys that can be tested withina predetermined period. Such methods can only be applied if the testingis done by a predetermined interface, such as a keyboard or a particularcomputer. An attack can circumvent the idle time if he uses a computercluster for determining a password or can test an arbitrary number ofpasswords on his own computer system. Thereby, the number of keys to betested within a predetermined period may be maximized. This isparticularly true, if the attacker has physical access to the dataarchive or the computer.

In the prior art of encryption, methods are available to avoidcircumvention of brute forcing algorithm complexity by appending asecond sub key (called “salt”) to the user key before the hashingalgorithm is carried out, such eliminating the possibility to usepre-calculated hashing tables or other simplification methods.

It is an object of the present invention to provide a more secureencryption and authentication method and apparatus.

SUMMARY OF THE INVENTION

An inventive method for encrypting and/or authenticating comprises thestep of sending a request for a first bit combination or charactercombination as a first sub key and storing the first bit combination orcharacter combination in the memory. According to the present inventiona second bit combination or character combination is generated as asecond sub key, wherein the second bit combination or charactercombination is a random or pseudo random pattern. The first sub key andthe second sub key are combined to a key. Data is encrypted with thekey. The key may also be used as an authentication password toauthenticate on a computer.

In the context of the present invention a computer is any device havinga central processing unit and a memory, such as a smart phone, a tabletcomputer, a personal computer, a notebook, a laptop or the like. Theauthentication may also include an authentication at a service, such asa program running on a computer, for example on a remote computer.

The first sub key has a length of “a” bits and the second sub key has alength of “b” bits. Thus, for determining the first sub key 2 a keyshave to be tested. For determining the key including the first sub keyand the second sub key 2 a +b keys have to be tested as test stimuli.Thereby, the time for determining a password by brute forcing issignificantly extended, which may hinder attackers to apply bruteforcing.

The second sub key does not need to be known to the user. The firstand/or second sub key needs to be known to the computer which requiresauthentication, and/or to a data archive, which is protected by apassword or key, only as the result of an encrypting and/or hashingoperation in order to verify the correctness of the combined key, notnecessarily in unencrypted and/or unhashed form.

The method for decrypting and/or authenticating comprises the step ofsending a request for a first bit combination or character combinationas a first sub key and storing the first bit combination or charactercombination in the memory. According to the invention the step ofgenerating a second bit combination or character combination as apossible second sub key of a plurality of second sub keys, wherein thesecond bit combination or character combination is selected from the setof all possible second sub keys, the step of combining the first sub keyand the second sub key to a key and the step of verifying whether thekey is valid are repeated until the key has been verified as valid. Ifthe key has been verified as valid, the data is decrypted with the keyand/or the key is used as an authentication password.

The decryption method generates a plurality of patterns as a second subkey for generating the key for decrypting data and/or for generating theauthentication password. Thereby, the time required for decrypting dataor determining the authentication password is increased. Such timeincrease may be acceptable, if the first sub key is known, since it isinputted by the user. However, if the first sub key is determined bybrute forcing the time required for determining the key or password issignificantly increased, since both the first sub key and the second subkey have to be determined by brute forcing. Thereby, determining the keyor the password is less attractive for an attacker.

The step of verifying whether the key is valid may include attempting todecrypt the data and/or authenticating using the password. The methodmay try to decrypt an archive (e.g. ZIP archive) or authenticate usingthe password on a computer or a service.

The step of sending a request may comprise the step of sending a requestto a user to enter the first sub key on a computer.

The step of combining the first sub key and the second sub key mayinclude concatenating the first sub key and the second sub key,inserting the second sub key at an arbitrary position of the first subkey, inserting the first sub key at an arbitrary position of the secondsub key, adding the second sub key at the end or beginning of the firstsub key and/or interleaving the first sub key and the second sub key.Such concatenating, inserting, interleaving and adding may be performedon bit or character level. Thereby, even the security of a password thatmay be memorized by human beings may be increased significantly.

The second sub key may be of a different length than the first sub key,the second sub key may be shorter than the first sub key, for example.The step of encrypting may comprise the step of generating and storing ahash value based on the key. The step of decrypting may comprise thestep of generating a hash value and comparing the generated hash valuewith a stored hash value.

The invention also discloses an encrypting and/or authenticationapparatus comprising a requesting device adapted to request a first bitcombination or character combination as a first sub key and a memory forstoring the first bit combination or character combination. According tothe invention a random or pseudo random generator is adapted to generatea second bit combination or character combination as a random or pseudorandom second sub key. The encrypting apparatus further comprises acombiner adapted to combine the first sub key and the second sub key toa key. The key may be used by an encrypting device of the encryptingapparatus to encrypt the data with the key. The encrypting apparatus mayalso comprise a password generator adapted to generate a password basedon the key.

The encrypting apparatus may be configured and used as discussed abovewith respect to the encrypting method.

The invention also discloses a decrypting and/or authenticationapparatus that comprises a requesting device adapted to request a firstbit combination or character combination as a first sub key and a memoryfor storing the first bit combination or character combination. Thedecrypting apparatus further comprises a key set generator adapted toselect or generate one possible second sub key of a plurality ofpossible second sub keys. The decrypting apparatus may comprise acombiner adapted to combine the first sub key and the second sub key toa key. The decrypting apparatus further comprises a verifier adapted toverify, whether the key is valid. The decrypting apparatus furthercomprises a decrypting device adapted to decrypt the data with the key.The decrypting apparatus further comprises a controller adapted tocontrol the key set generator, the combiner, the verifier and thedecrypting device by instructing the key set generator to generate anarbitrary bit combination or character combination as a second sub keyfrom the set of all possible second sub keys, instructing the combinerto combine the first sub key and the second sub key to a key,instructing the verifier to verify, whether the key is valid, and if thekey has been verified as valid by the verifier, instructing thedecrypting device to decrypt the data with the key and/or using the keyas an authentication password.

The decrypting apparatus may be adapted and configured as discussedabove with respect to the decrypting method.

The verifier may be adapted to decrypt the data with the key and/or touse the password to authenticate on a computer. The requesting devicemay be adapted to request a user to enter the first sub key, such asentering the first sub key on an input device.

The combiner may concatenate the first sub key and the second sub key,insert the second sub key at an arbitrary position of the first sub key,insert the first sub key at

an arbitrary position of the second sub key, adding the second sub keyat the end or beginning of the first sub key and/or interleaving thefirst and second sub key. Concatenating, inserting, adding and insertingmay take place on bit level or character level.

The second sub key may be of a different length than the first sub key.The encrypting device may be adapted to generate a hash value based onthe key. The decrypting device may be adapted to generate a hash valuebased on the key and to compare the hash value with a stored hash value.

The second sub key is an unknown part of the key. This second sub key isselected in a random manner or in a pseudo random manner being more orless similar to a random pattern. Further the length of the second subkey and accordingly its information content is to be selected such thatthe number of possible keys generated by combining the first sub key andthe second sub key is so high that even by using a highly performantcomputer or computer cluster the time span for brute forcing thepassword or key is significantly increased. It is to be understood thatthe second sub key may have a length that does not overly reduce theusability for the user by a long idle time when authenticating on acomputer or when decrypting an archive.

The encryption and decryption apparatus may be implemented by discretecomponents, such as integrated circuits and/or application specificcircuits. The components of the encryption and decryption apparatus mayalso be implemented by a computer having a processor and a memory. Thecomputer may be a general purpose computer, including mobile telephones,tablet computers, notebooks, personal computers, servers and the like.

The invention also discloses an apparatus for encrypting and decryptingdata comprising the above components configured for encrypting andecrypting data.

The invention also discloses an authentication apparatus comprising theabove components configured for authenticating.

The encrypting method and/or the decrypting method may be computerimplemented methods.

The second sub key (“salt”) according to prior art methods is published(open) in these methods to the authenticating or decrypting user orsystem, in contrast to this invention, where the second sub key does notto need to be published to the authenticating user or system, thusgreatly increasing the difficulty of brute forcing the correct key.Methods using an additional “salt” sub key can be used in addition tothis invention, but do not have to be used for the invention to work.

In the prior art of encryption, in connection with using a public secondsub key (“salt”), the hashing procedure is sometimes repeated for asignificant number of times in order to increase the complexity of thedecryption or authentication step, thus increasing the time necessary totest each key. However, this method relies on the non-existence of amethod for the attacker to simplify successive hash operations, which isnot generally proven yet and hence disputed, in contrast to thisinvention, where not the complexity of the decryption or authenticationstep as such is increased, but the number of necessary independentdecryption or authentication attempts, thus avoiding any possibility tosimplify or shorten the decryption or authentication process as a wholeby any mathematical simplification methods or algorithms on part of theattacker.

The encrypting method and/or the decrypting method may be implemented bya computer program product, such as instructions stored on a datacarrier, such as a USB device, CD or DVD. The computer program productmay also be instruction data that can be transmitted by a suitablenetwork, such as the internet.

BRIEF DESCRIPTION OF THE FIGURES OF THE DRAWINGS

The invention is now explained by non-limiting exemplary embodimentswith reference to the accompanying drawings, wherein

FIG. 1 is a flowchart of an encryption method according to the presentinvention;

FIG. 2 is a flowchart of an decrypting method according to the presentinvention; and

FIG. 3 is an apparatus according to the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The invention is now explained with reference to FIGS. 1 to 3.

A requesting device 304 sends a request 102 for a first bit combinationor character combination as a first sub key to a user. The request isshown on an output device 308. The user enters the first bit combinationor character combination as a first sub key on an input device 306. Thefirst bit combination or character combination is stored in a memory310. A random or pseudo random generator 312 generates a second bitcombination or character combination as a second sub key 106, whereinthe second bit combination or character combination is a random orpseudo random pattern. Random or pseudo random generators are known tothe person skilled in the art and are not explained in further detailfor the sake of brevity.

A combiner 314 combines the first sub key and the second sub key to akey 108. The combining may include concatenating the first sub key andthe second sub key, inserting the second sub key at an arbitraryposition of the first sub key, inserting the first sub key at anarbitrary position of the second sub key and adding the second sub keyat the end or beginning of the first sub key and interleaving the firstsub key and the second sub key. An encryption device 316 may encryptdata with the key 110 and may pass the data or to an external storagemeans or transmission means 402. A password generator 318 may enter thepassword as an authentication password at an external computer 404 or aservice running on the same computer or a different computer 404.

The inventive encrypting and decrypting apparatus is also adapted todecrypt data or to provide a password for authenticating on a computeror at a service. The requesting device 304 sends a request for a firstbit combination or character combination as a first sub key 202 to anoutput device 308. The user may enter the known sub key on the inputdevice 306. The requesting device 304 stores the sub key in a memory310. The encryption and decryption apparatus 302 further comprises averifier for verifying, whether a key is valid, and a controller forcontrolling the key set generator 326, the combiner 314, and theverifier. The controller 324 instructs the key set generator 326 togenerate a second bit combination or character combination as a secondsub key 206, wherein the second bit combination or character combinationis selected one by one from the set of possible second sub keys.Thereafter the controller 324 instructs the combiner 314 to combine thefirst sub key and the second sub key to a key 210. Then, the controller324 instructs the verifier to verify, whether the key is valid 212. Ifthe key has been verified as valid by the verifier 320, the controller324 instructs a decrypting device 322 to decrypt the data with the keyand/or to use the key as an authentication password at an externalcomputer 404 or a service running on the same computer or a differentcomputer 404. The verifier 320 may be connected to the external computerin order to verify, whether the password is valid, and/or an externaldevice 402, on which the data stream to be decrypted is stored. It is tobe understood that the data stream to be decrypted may also be stored inthe encryption and decryption apparatus 302.

According to the present invention the security of the key is increased,since an attacker has to test an exponentially higher number of keys ascompared with the prior art having no unknown second sub key. The highersecurity of the key is caused in that the attacker has to test a highernumber of keys, called by the inventor of the present invention “forcedforcing”. Accordingly, the security of the key is increased by thefactor which is determined by the time which is acceptable by theintended user to wait for generating the second sub key and verifyingthe same for authenticating and logging into a computer system. The userknows a bits of the first sub key. The inventive encryption anddecryption method and apparatus generate b further bits provided in asecond sub key. The first sub key and second sub key are combined byconcatenating, inserting one key into the other adding one key at thebeginning or end of the other key and interleaving the sub keys. Thiscauses that an attacker has to test 2 a+b keys. It is an advantage ofthe present invention that thereby a key memorized by a human user canprovide effective protection against brute forcing.

1. A Method for at least one of encrypting and authenticating,comprising the following steps: Sending a request for a first bitcombination or character combination as a first sub key; storing saidfirst bit combination or character combination in the memory; generatinga second bit combination or character combination as a second sub key,wherein the second bit combination or character combination is a randomor pseudo random pattern; and combining said first sub key and secondsub key to a key; further comprising at least one of the followingsteps: encrypting the data with the key; using the key as anauthentication password.
 2. A method for at least one of decrypting andauthenticating, comprising the following steps: sending a request for afirst bit combination or character combination as a first sub key;storing said first bit combination or character combination in thememory; repeating the following steps until a key has been verified asvalid: generating one possible second bit combination or charactercombination of a plurality of possible second sub keys, wherein thesecond bit combination or character combination is selected from the setof all possible second sub keys; combining said first sub key and secondsub key to a key; verifying, whether the key is valid; if said key hasbeen verified as valid, decrypting the data with the key and/or usingthe key an authentication password.
 3. A method for encrypting anddecrypting, comprising the following steps: Sending a request for afirst encryption bit combination or character combination as a firstencryption sub key; storing said first encryption bit combination orcharacter combination in the memory; generating a second encryption bitcombination or character combination as a second sub key, wherein thesecond encryption bit combination or character combination is a randomor pseudo random pattern; and combining said first encryption sub keyand second encryption sub key to a encryption key; encrypting the datawith the encryption key; when said data is to be decrypted, performingthe following steps: sending a request for a first decryption bitcombination or character combination as a first decryption sub key;storing said first decryption bit combination or character combinationin the memory; repeating the following three steps until a decryptionkey has been verified as valid: generating one possible seconddecryption bit combination or character combination of a plurality ofpossible second sub keys, wherein the second decryption bit combinationor character combination is selected from the set of all possible secondsub keys; combining said first decryption sub key and second decryptionsub key to the decryption key; verifying, whether the decryption key isvalid; if said decryption key has been verified as valid, decrypting thedata with the decryption key.
 4. A method for authenticating, comprisingthe following steps: Sending a request for a first password selectionbit combination or character combination as a first sub key; storingsaid first password selection bit combination or character combinationin the memory; generating a second password selection bit combination orcharacter combination as a second password selection sub key, whereinthe second password selection bit combination or character combinationis a random or pseudo random pattern; and combining said first passwordselection sub key and second password selection sub key to a passwordselection key; using the password selection key as an authenticationpassword; when authentication is requested, performing the followingsteps: sending a request for a first authentication bit combination orcharacter combination as a first sub key; storing said firstauthentication bit combination or character combination in the memory;repeating the following three steps until a key has been verified asvalid: generating one possible second authentication bit combination orcharacter combination of a plurality of possible second sub keys,wherein the second authentication bit combination or charactercombination is selected from the set of all possible second sub keys;combining said first authentication sub key and second authenticationsub key to a key; verifying, whether the authentication key is valid; ifsaid authentication key has been verified as valid, using theauthentication key an authentication password.
 5. The method accordingto claim 2, wherein the step of verifying, whether the key is valid,includes at least one of attempting to decrypt the data andauthenticating using the password.
 6. The method according to claim 1,wherein the step of sending a request comprises the step of sending arequest to a user to enter the first sub key.
 7. The method according toclaim 1, wherein the step of combining the first sub key and the secondsub key includes at least one of the following steps: concatenating thefirst sub key and the second sub key; inserting the second sub key at anarbitrary position of the first sub key; inserting the first sub key atan arbitrary position of the second sub key; adding the second sub keyat the end or beginning of the first sub key; and interleaving the firstsub key and the second sub key.
 8. The method according to claim 1,wherein the second sub key is of a different length than the first subkey.
 9. The method according to claim 1, wherein the step of encryptingcomprises the step of generating and storing a hash value based on thekey; and/or the step of decrypting comprises the step of generating ahash value and comparing the generated hash value with a stored hashvalue.
 10. An apparatus for at least one of encrypting andauthenticating, comprising: a requesting device adapted to request afirst bit combination or character combination as a first sub key; amemory for storing said first bit combination or character combination;a random or pseudo random generator adapted to generate a second bitcombination or character combination as a random or pseudo random secondsub key; and a combiner adapted to combine said first sub key and secondsub key to a key; further comprising an encrypting device adapted toencrypt the data with the key; and/or a password generator adapted togenerate a password based on the key.
 11. An apparatus for at least oneof decrypting and authenticating, comprising: a requesting deviceadapted to request a first bit combination or character combination as afirst sub key; a memory for storing said first bit combination orcharacter combination; a key set generator adapted to generate at leastone bit combination or character combination as a second sub key chosenfrom the set of all possible second sub keys; a combiner adapted tocombine said first sub key and second sub key to a key; a verifieradapted to verify, whether the key is valid; and a controller adapted tocontrol the key set generator, the combiner, the verifier and thedecrypting device by instructing the key set generator to generate asecond sub key as a bit combination or character combination selectedfrom a set of all possible second sub keys; instructing the combiner tocombine said first sub key and second sub key to a key; instructing theverifier to verify, whether the key is valid; and if said key has beenverified as valid by the verifier, instructing a decrypting deviceadapted to decrypt the data with the key, to decrypt the data with thekey and/or using the key as an authentication password.
 12. Anencrypting and decrypting apparatus, comprising: a requesting deviceadapted to request a first encryption bit combination or charactercombination as a first sub key; a memory for storing said firstencryption bit combination or character combination; a random or pseudorandom generator adapted to generate a second encryption bit combinationor character combination as a random or pseudo random second encryptionsub key; and a combiner adapted to combine said first encryption sub keyand second encryption sub key to a key; an encrypting device adapted toencrypt the data with the encryption key; wherein the requesting deviceis adapted to request a first decryption bit combination or charactercombination as a first sub key; wherein the memory is adapted forstoring said first decryption bit combination or character combination;further comprising: a key set generator adapted to generate at least onedecryption bit combination or character combination as a secondencryption sub key chosen from the set of all possible second sub keys;a combiner adapted to combine said first decryption sub key and seconddecryption sub key to a key; a verifier adapted to verify, whether thedecryption key is valid; and a controller adapted to control the key setgenerator (326), the combiner (314), the verifier and the decryptingdevice by instructing the key set generator to generate a seconddecryption sub key as a decryption bit combination or charactercombination selected from a set of all possible second sub keys;instructing the combiner to combine said first decryption sub key andsecond decryption sub key to a decryption key; instructing the verifierto verify, whether the decryption key is valid; and if said decryptionkey has been verified as valid by the verifier, instructing a decryptingdevice adapted to decrypt the data with the decryption key, to decryptthe data with the decryption key.
 13. An authentication apparatus,comprising: a requesting device adapted to request a first passwordselection bit combination or character combination as a first sub key; amemory for storing said first password selection bit combination orcharacter combination; a random or pseudo random generator adapted togenerate a second password selection bit combination or charactercombination as a random or pseudo random second password selection subkey; and a combiner adapted to combine said first password selection subkey and password selection second sub key to a password selection key; apassword generator adapted to generate a password based on the passwordselection key; wherein the requesting device adapted to request a firstauthentication bit combination or character combination as a firstauthentication sub key; wherein the memory is adapted for storing saidfirst authentication bit combination or character combination; furthercomprising: a key set generator adapted to generate at least oneauthentication bit combination or character combination as a secondauthentication sub key chosen from the set of all possible second subkeys; a combiner adapted to combine said first authentication sub keyand second authentication sub key to a authentication key; a verifieradapted to verify, whether the authentication key is valid; and acontroller adapted to control the key set generator, the combiner, theverifier and the decrypting device by instructing the key set generatorto generate a second authentication sub key as a bit combination orcharacter combination selected from a set of all possible second subkeys; instructing the combiner to combine said first authentication subkey and second authentication sub key to a key; instructing the verifierto verify, whether the authentication key is valid; and if saidauthentication key has been verified as valid by the verifier,instructing a decrypting device adapted to decrypt the data with theauthentication key, using the authentication key as an authenticationpassword.
 14. The decrypting apparatus according to claim 11, whereinthe verifier is adapted to at least one of decrypting the data with thekey and using the password to authenticate on a computer.
 15. Theapparatus according to claim 11, wherein the requesting device isadapted to request a user to enter the first sub key.
 16. The apparatusaccording to claim 10, wherein the combiner is adapted to concatenatethe first sub key and the second sub key; insert the second sub key atan arbitrary position of the first sub key; insert the first sub key atan arbitrary position of the second sub key; adding the second sub keyat the end or beginning of the first sub key; and interleaving the firstsub key and the second sub key.
 17. The apparatus according to claim 10,wherein the second sub key is of a different length than the first subkey.
 18. The apparatus according to claim 10, wherein the encryptingdevice is adapted to generate a hash value based on the key; thedecrypting device is adapted to generate a hash value based on the keyand to compare the hash value with a stored hash value.